[Dovecot] logging of failed SASL usernames

Reindl Harald h.reindl at thelounge.net
Sun May 18 09:28:52 UTC 2014


as far as i understand postfix has no way to know the username of
such failed logins like below, IMHO dovecot internally does because
it verifies against the sql-userdatabase

is there a way that dovecot logs the username?

after ask the users to change their passwords for safety caused
by Heartbleed it was easy to write a tool find forgotten devices
in case of IMAP/POP3 but especially Apple clients force to enter
the new password seperated for incoming and outgoing server and
don't tell the user if things don't work

so there is really a need support them and fuzzy logic based on the last
successful IMAP/POP3 login from a IP and failed send attempts from the
same IP shortly after receive mail leaves a bad taste of only a guess

May 18 11:19:09 mail postfix/smtpd[5173]: warning: unknown[177.139.182.86]: SASL LOGIN authentication failed:
UGFzc3dvcmQ6
May 18 11:19:15 mail postfix/smtpd[5173]: warning: unknown[177.139.182.86]: SASL LOGIN authentication failed:
UGFzc3dvcmQ6


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20140518/70ca6cc0/attachment.sig>


More information about the dovecot mailing list